Checking Type Safety of Foreign Function Calls

Abstract

We present a multi-lingual type inference system for checking type
safety across a foreign function interface. The goal of our system is
to prevent foreign function calls from introducing type and memory
safety violations into an otherwise safe language. Our system targets
OCaml's FFI to C, which is relatively lightweight and illustrates some
interesting challenges in multi-lingual type inference. The type
language in our system embeds OCaml types in C types and vice versa,
which allows us to track type information accurately even through the
foreign language, where the original types are lost. Our system uses
a representational type that can model multiple OCaml types, because C
programs can observe that many OCaml types have the same physical
representation. Furthermore, because C has a low-level view of OCaml
data, our inference system includes a dataflow analysis to track
memory offsets and tag information. Finally, our type system includes
garbage collection information to ensure that pointers from the FFI to
the OCaml heap are tracked properly. We have implemented our
inference system and applied it to a small set of benchmarks. Our
results show that programmers do misuse these interfaces, and our
implementation has found several bugs and questionable coding
practices in our benchmarks.
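As an added illustration (not code from the paper), the block below shows the kind of C stub such a checker reasons about: an unchecked stub that assumes one OCaml constructor beside a checked one that dispatches on tag and size first. The `value` macros and `make_block` are a constructed stand-in for OCaml's `caml/mlvalues.h` layout so the example runs without the OCaml runtime; the `shape` type is assumed for the example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed mirror of OCaml's uniform value representation (stand-in for
 * caml/mlvalues.h). A value is one machine word: immediates (ints, constant
 * constructors) have the low bit set; anything else points just past a
 * header word whose low 8 bits are the tag and whose bits above 10 give
 * the number of fields. */
typedef intptr_t value;
#define Is_long(v)     (((v) & 1) != 0)
#define Val_long(n)    ((value)(((intptr_t)(n) << 1) + 1))
#define Long_val(v)    ((v) >> 1)
#define Hd_val(v)      (((value *)(v))[-1])
#define Tag_val(v)     ((unsigned)(Hd_val(v) & 0xFF))
#define Wosize_val(v)  ((uintptr_t)Hd_val(v) >> 10)
#define Field(v, i)    (((value *)(v))[i])

/* Allocate a block of n fields with the given tag (constructed helper; the
 * real runtime allocates on the OCaml heap and needs GC registration). */
static value make_block(uintptr_t n, unsigned tag) {
    value *p = malloc((n + 1) * sizeof(value)); if (!p) abort();
    p[0] = (value)((n << 10) | tag);
    return (value)(p + 1);
}
/* Assumed OCaml type: type shape = Point | Circle of int | Rect of int * int
 * Point -> immediate 0; Circle -> block tag 0, 1 field; Rect -> tag 1, 2 fields.
 * All three reach C as the same `value`: a representational type must record
 * which ones a variable may hold, and the tag/offset checks below are what a
 * dataflow analysis tracks before a field read is considered safe. */
static value make_circle(long r) { value b = make_block(1, 0); Field(b, 0) = Val_long(r); return b; }
static value make_rect(long w, long h) {
    value b = make_block(2, 1);
    Field(b, 0) = Val_long(w); Field(b, 1) = Val_long(h);
    return b;
}
/* Unchecked stub: assumes a Rect. Given a Point it dereferences an immediate;
 * given a Circle it reads past the block. This is what the checker flags. */
static long rect_area_unchecked(value v) {
    return Long_val(Field(v, 0)) * Long_val(Field(v, 1));
}
/* Checked stub: inspects the representation before touching any field. */
static long shape_area(value v) {
    if (Is_long(v)) return 0;                    /* Point */
    switch (Tag_val(v)) {
    case 0:  return Long_val(Field(v, 0)) * Long_val(Field(v, 0)); /* Circle, pi dropped */
    case 1:  if (Wosize_val(v) < 2) return -1;  /* malformed Rect */
             return Long_val(Field(v, 0)) * Long_val(Field(v, 1));
    default: return -1;                          /* not a shape: refuse */
    }
}
```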